Bob Walder and Chris Morales from NSS labs wrote a very interesting article recently on cyber security. We have summarised the main points below.
Cyber-resilience is the key to protecting your servers, network or data centre
NSS Labs’ research says that most modern leading security products are effective; however, your business will never be 100% safe from malicious attack, no matter how much you invest. For example, the latest NSS Labs next generation firewall (NGFW) group test revealed that eight out of nine products scored more than 90% for security effectiveness, but none scored 100%. The highest detection rate was 98.5%.
However, it is not the 98.5% detected that should be the focus; it is the 1.5% that is missed. Security breaches occur every day and no one is immune. A cyber-resilience program works on the premise that a breach will occur and it is all about how to mitigate or avoid damage when it happens.
How to become cyber-resilient
To become truly cyber-resilient, NSS Labs recommends the following:
- Work with an IT security specialist to pre-empt your attacker:
  - What are the likely attacks that could penetrate your security systems?
  - Which of those attacks would be effective against your specific business applications?
- Figure out what you can do to reduce your “time to awareness” and response time. The faster you become aware of the breach and the quicker you respond, the better.
- Learn to anticipate attacks and have a process for responding. Assume the breach will occur, and focus on reducing its potential impact.
- Prepare to operate at 60% capacity during a breach, which will reduce, but not eliminate, critical services.
- Plan for flexible network architectures that allow dynamic re-provisioning of critical resources to isolate and replace infected portions of the network. In a simple example, this means making sure you have a fail-over server with up-to-date files that is isolated from the compromised network.
- Segment networks so that a compromised low-priority host cannot infect the rest of your business and cause system-wide loss.
- Do not seek to remediate a breach immediately. Isolate the infected portion of the network and learn why the attack was successful while it is still under way, then redesign the architecture to withstand similar attacks.
- Increase the cost to the attacker and buy time for investigation and remediation through the use of deception technology.
Trade-offs are often made to achieve true cyber-resilience. Each additional level of security impacts the user experience or business performance. Dynamic provisioning is one approach to cyber-resilience, since it offers the ability to continue providing services on an infected network. This requires a network smart enough to re-prioritise traffic and to re-architect itself on the fly, isolating the infected portion of the network into a contained area. At the same time, new resources can be added to the network to reroute traffic and manage it outside the infected environment.
Cyber-resilience is by no means an easy feat, but getting it right could save your business from an IT disaster.